Dear all,
I am proposing a new opcode for the purposes of anonymous
transactions. This new opcode enables scripts to be given proof that
the receiver can carry out or has carried out a previous transaction.
I'm currently working on a paper that discusses using this opcode for
anonymous transactions.
Name: OP_CHECKEXPSIG
Stack before: <sig><pk><hash>
Stack after: T/F, where T is true if sig is an ECDSA signature under pk
for the hash hash. (Hash is the hash of a message).
Uses: Preexisting digital cash techniques relied on keeping track of a
list of turned in notes to forbid double spending. Using
OP_CHECKEXPSIG we can instead pass the script that gives the nth note
value proof that the notes {1, ..., n-1} were turned in and are distinct.
This enables a coupling of the strong double spend protection of
Bitcoin with traditional digital cash's strong anonymity.
Sincerely,
Watson Ladd
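The opcode semantics described above, as an added example that is not part of the original post: a minimal evaluator for OP_CHECKEXPSIG over Bitcoin-style byte-string stack items, so the difference from OP_CHECKSIG (the hash is supplied on the stack rather than derived from the spending transaction) is visible in code. It assumes the standard library's P-256 curve in place of secp256k1, and the names Stack, opCheckExpSig, CheckExpSig and newSignedExample are mine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Stack items are byte strings, as in Bitcoin Script; the last element is the top.
type Stack [][]byte

// opCheckExpSig pops <sig><pk><hash> (hash on top) and pushes 0x01 (true) or "" (false).
// Unlike OP_CHECKSIG the hash comes from the stack, not from the spending transaction,
// so a script can be handed a signature over an earlier message as proof. Malformed
// input yields false. Assumption: P-256 from the stdlib, since secp256k1 is not in it.
func opCheckExpSig(st *Stack) bool {
	n := len(*st)
	if n < 3 {
		return false // stack underflow fails the script
	}
	sig, pkBytes, hash := (*st)[n-3], (*st)[n-2], (*st)[n-1]
	result := []byte{}
	if x, y := elliptic.Unmarshal(elliptic.P256(), pkBytes); x != nil && len(hash) == sha256.Size {
		pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
		if ecdsa.VerifyASN1(pub, hash, sig) {
			result = []byte{1}
		}
	}
	*st = append((*st)[:n-3], result)
	return true
}

// CheckExpSig runs the opcode on a fresh stack and reports the boolean left on top.
func CheckExpSig(sig, pk, hash []byte) bool {
	st := Stack{sig, pk, hash}
	return opCheckExpSig(&st) && len(st[len(st)-1]) == 1
}

// newSignedExample makes the three stack items for a constructed message (fresh key).
func newSignedExample(msg []byte) (sig, pk, hash []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	h := sha256.Sum256(msg)
	sig, err = ecdsa.SignASN1(rand.Reader, priv, h[:])
	pk = elliptic.Marshal(elliptic.P256(), priv.PublicKey.X, priv.PublicKey.Y)
	return sig, pk, h[:], err
}
```

A script checking that notes 1 to n-1 were turned in would run this opcode once per note and additionally compare the n-1 hashes for distinctness; a signature over one note's hash does not verify against another's.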